The Day of the Bots
March 21 2007: Symantec claims Internet attack activity has moved away from “status oriented attacks” towards profit-driven activities.
David Sykes, Symantec’s VP of Asia Pacific, says, “You tend to see threats to users following broadband penetration in a country. USA is the number one in terms of bandwidth penetration. When you divide it by the number of users, Israel is at the top of the list followed by Taiwan and Poland.”
The prevailing threat trend hasn’t changed a lot. “Bots are of most concern,” says Sykes. “There’s a major proliferation of bots, usually riding on the back of spam. It’s more about trying to get you onto a fake website via social engineering techniques and trying to harness the power of a PC that’s on 24x7 and can generate spam. They actually sell armies and herds of bots.”
Earlier this week Eugene Kaspersky of Russia’s Kaspersky Labs remarked that "If the growth in malware continues at the current pace, makers of anti-virus software may not be able to withstand the onslaught."
So does Symantec agree this is an unwinnable battle?
Sykes disagrees, though in his more pessimistic moments he does see a problem. “You need to look at it in a bigger context than just anti-virus. Anti-virus alone cannot do the job. You’re going to need protection strategies, some form of firewall, anti-spam and anti-spyware. In my more pessimistic moments, I might agree, not because of technical abilities. We can learn from the bad guys (like bots) and shrink our own footprint. But while you have end users willing to give passwords and logins over the phone we will continue to struggle. It’s more about user education and nature of threat than sophistication of bad guys.”
If this is the case, then we should expect to see Symantec getting involved in Senator Coonan’s new federally funded awareness campaign, www.staysmartonline.gov.au.
On this front, Sykes says, “We will get engaged when we’re asked to. Anything that helps raise awareness, you can expect me to support.”
Bonnie & Clyde knew where to look, but regulation won’t work
The report states that the US Government was the worst in terms of data breaches. Previous reports suggested the top position was held by the finance sector (according to the Ponemon Report, Feb 2006).
As to why government agencies are being targeted, Sykes says, “I was once asked why Bonnie and Clyde rob banks. Well it’s simple. That’s where the money is. Why governments then? That’s where the vast majority of data is. If you wanted to find data to compromise, think about a big juicy government department. You’re far more likely to get an outcome of results there due to the sheer size of data they hold.”
Sykes says Symantec is working with the Privacy Rights Clearinghouse (www.privacyrights.org), which has concluded that the most frequent breaches are data theft from a stolen notebook or USB key, and poor security policy. A laptop stolen from a Boeing employee, holding the details of 382,000 people, including their social security numbers, tipped the total to over 100 million instances of breached data.
One possible response, which the Privacy Commissioner raised publicly a few months ago, is adopting a law similar to California’s Senate Bill 1386, which places greater responsibility on the guardian of information.
Sykes believes this kind of legislation would not solve the problem but that it “does add value”. “For example, Australia’s anti-spam legislation has done nothing to cut back spam worldwide. But it has done a brilliant job of keeping suckers off our shores. Would the reality of forcing companies to disclose data breaches be useful? Probably not. But does it raise awareness to encourage. It can be very hard to prove so you need to walk a fine line.”
Future threats
Sykes says to watch what’s happening with Vista and collaborative environments coming on stream. “It’s fertile grounds for bad guys.”
In the enterprise, he believes virtualised machines are the next target. “If you can virtualise data, you can virtualise a threat and it can stop by brute force.”